moved SSL config to nginx.conf

2025-08-09 14:07:27 +08:00 · 2018-03-28 08:50:41 +02:00
parent 11ea1c0961
commit bc0ef40b2c
5 changed files with 33 additions and 43 deletions
--- a/public/templates/conf/_general.conf.html
+++ b/public/templates/conf/_general.conf.html
@@ -5,7 +5,10 @@ add_header X-Content-Type-Options "nosniff" always;
 add_header Referrer-Policy "{{ data.referrer_policy }}" always;<!--

 ✔ CSP --><span ng-if="isCSP()">
-add_header Content-Security-Policy "{{ data.content_security_policy }}" always;</span>
+add_header Content-Security-Policy "{{ data.content_security_policy }}" always;</span><!--
+
+✔ HSTS--><span ng-if="isHSTS()">
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;</span>

 # . files
 location ~ /\. {
--- a/public/templates/conf/_ssl.conf.html
+++ b/public/templates/conf/_ssl.conf.html
@@ -1,25 +0,0 @@
-ssl_session_timeout 1d;
-ssl_session_cache shared:SSL:50m;
-ssl_session_tickets off;<!--
-
-✘ SSLProfileModern --><span ng-if="!isSSLProfileModern()">
-
-# Diffie-Hellman parameter for DHE ciphersuites
-ssl_dhparam /etc/nginx/dhparam.pem;</span>
-
-# {{ data.ssl_profile }} configuration
-ssl_protocols {{ sslProfiles[ data.ssl_profile ].protocols }};
-ssl_ciphers {{ sslProfiles[ data.ssl_profile ].ciphers }};
-ssl_prefer_server_ciphers on;<!--
-
-✔ HSTS--><span ng-if="isHSTS()">
-
-# HSTS (1 year, preload)
-add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;</span>
-
-# OCSP Stapling
-ssl_stapling on;
-ssl_stapling_verify on;
-
-resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
-resolver_timeout 2s;
--- a/public/templates/conf/example.com.conf.html
+++ b/public/templates/conf/example.com.conf.html
@@ -26,7 +26,6 @@ server {<!--
 	✔ HTTPS --><span ng-if="isHTTPS()">

 	# SSL
-	include _ssl.conf;
 	ssl_certificate {{ sslCertificate() }};
 	ssl_certificate_key {{ sslCertificateKey() }};<!--

@@ -93,7 +92,6 @@ server {
 	✔ HTTPS --><span ng-if="isHTTPS()">

 	# SSL
-	include _ssl.conf;
 	ssl_certificate {{ sslCertificate() }};
 	ssl_certificate_key {{ sslCertificateKey() }};<!--

@@ -141,7 +139,6 @@ server {
 	✔ HTTPS --><span ng-if="isHTTPS()">

 	# SSL
-	include _ssl.conf;
 	ssl_certificate {{ sslCertificate() }};
 	ssl_certificate_key {{ sslCertificateKey() }};<!--

--- a/public/templates/conf/nginx.conf.html
+++ b/public/templates/conf/nginx.conf.html
@@ -22,17 +22,42 @@ http {
 	types_hash_max_size 2048;
 	client_max_body_size {{ data.client_max_body_size }}M;

-	# mime
+	# MIME
 	include mime.types;
 	default_type application/octet-stream;

 	# logging
 	access_log {{ isAccessLog() ? data.access_log : 'off' }};
-	error_log {{ data.error_log }} warn;<span ng-if="data.limit_req">
+	error_log {{ data.error_log }} warn;<!--
+
+	✔ limitReq --><span ng-if="data.limit_req">

 	# limits
 	limit_req_log_level warn;
-	limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m;</span>
+	limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m;</span><!--
+
+	✔ HTTPS --><span ng-if="isHTTPS()">
+
+	# SSL
+	ssl_session_timeout 1d;
+	ssl_session_cache shared:SSL:50m;
+	ssl_session_tickets off;<!--
+
+	✘ SSLProfileModern --><span ng-if="!isSSLProfileModern()">
+
+	# Diffie-Hellman parameter for DHE ciphersuites
+	ssl_dhparam /etc/nginx/dhparam.pem;</span>
+
+	# {{ data.ssl_profile }} configuration
+	ssl_protocols {{ sslProfiles[ data.ssl_profile ].protocols }};
+	ssl_ciphers {{ sslProfiles[ data.ssl_profile ].ciphers }};
+	ssl_prefer_server_ciphers on;
+
+	# OCSP Stapling
+	ssl_stapling on;
+	ssl_stapling_verify on;
+	resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
+	resolver_timeout 2s;</span>

 	# load configs
 	include /etc/nginx/conf.d/*.conf;<span ng-if="data.file_structure === 'modularized'">